package com.xt.purchasingsystem.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

/**
 * 网关跨域配置类
 *
 * @author: 老姚
 * Date:  2020/5/17 23:48
 */
@Configuration
public class PurchaseCorsConfig {
    //    //这里为支持的请求头，如果有自定义的header字段请自己添加（不知道为什么不能使用*）
//    private static final String ALLOWED_HEADERS = "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN,token,username,client";
//    private static final String ALLOWED_METHODS = "*";
//    private static final String ALLOWED_ORIGIN = "*";
//    private static final String ALLOWED_Expose = "*";
//    private static final String MAX_AGE = "18000L";

    /**
     * 配置跨域的Filter
     * @return
     */
    @Bean
    public CorsWebFilter corsWebFilter() {
        UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        //允许携带cookie
        corsConfiguration.setAllowCredentials(true);
        //允许所有的请求方式访问
        corsConfiguration.addAllowedMethod("*");
        //允许哪些域名访问
        corsConfiguration.addAllowedOrigin("http://www.erp.com");
        //允许携带所有的头信息
        corsConfiguration.addAllowedHeader("*");
        corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsWebFilter(corsConfigurationSource);

    }

}
